Split submodules for maven project

[F-PHantam]

Split submodules for maven project
Close #62

[sonatype-lift]

Severe Vulnerability:

pkg:maven/org.apache.flink/flink-clients_2.12@1.14.3

0 Critical, 6 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components

pkg:maven/org.scala-lang/scala-compiler@2.12.7

SEVERE Vulnerabilities (6)




sonatype-2014-0026

[sonatype-2014-0026] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery - Cross-Site Scripting (XSS)

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVSS Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE: CWE-79

CVE-2019-11358

[CVE-2019-11358] jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

CVSS Score: 6.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-1321

CVE-2020-11023

[CVE-2020-11023] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS Score: 6.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

CVE-2020-7656

[CVE-2020-7656] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

CVSS Score: 6.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

sonatype-2012-0009

[sonatype-2012-0009] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JQuery - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVSS Score: 6.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

sonatype-2016-0107

[sonatype-2016-0107] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery - Cross-Site Scripting (XSS) [CVE-2015-9251]

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVSS Score: 6.1

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

---

Reply with "@sonatype-lift help" for info about LiftBot commands.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.

When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.

---

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]